

Rewterz Threat Advisory – CVE-2019-18232 – ICS: Thales DIS SafeNet Sentinel LDK License Manager Runtime Privilege Escalation Vulnerability
December 6, 2019
Rewterz Threat Alert – Clever Microsoft Phishing Scam Creates a Local Login Form
December 9, 2019
Rewterz Threat Advisory – CVE-2019-18232 – ICS: Thales DIS SafeNet Sentinel LDK License Manager Runtime Privilege Escalation Vulnerability
December 6, 2019
Rewterz Threat Alert – Clever Microsoft Phishing Scam Creates a Local Login Form
December 9, 2019Severity
High
Analysis Summary
A vulnerability in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android which allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
Impact
Inject data into the TCP stream
Affected Vendors
Linux
Affected Products
- Ubuntu 19.10 (systemd)
- Fedora (systemd)
- Debian 10.2 (systemd)
- Arch 2019.05 (systemd)
- Manjaro 18.1.1 (systemd)
- Devuan (sysV init)
- MX Linux 19 (Mepis+antiX)
- Void Linux (runit)
- Slackware 14.2 (rc.d)
- Deepin (rc.d)
- FreeBSD (rc.d)
- OpenBSD (rc.d)
Remediation
- Turn on reverse path filtering
- Encrypted packet size and timing